Recorded: November 3, 2016

Hosts

Episode Audio

[] Coming Soon

• Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.
• Mention the survey! http://www.securityweekly.com/survey

Over twenty years of experience in corporate leadership and management.

Developed agile products, created solutions, integrated systems and deployed technologies for both external and internal client initiatives.

Specialized in startups for the last 15 years with a focus on developing geographically diverse teams that deliver cost effective solutions with excellence.

1. What are the use cases for ProXPN?
2. How do you differentiate yourself in the market? (For our audience, why should they choose ProXPN over someone else?
3. What are the best methods for evaluating VPN products?
4. How can enterprises use your product?
5. What are some of the technologies in use on the backend?
6. Where do you see the VPN market going in 5 years?

Intel SGX is a newer method of implementing trusted computing.

• I like this comparison too: Architecturally Intel SGX is a little different from ARM TrustZone (TZ). With TZ we often think of a CPU which is in two halves i.e. the insecure world and the secure world. Communication with the secure world occurs from the insecure world via the SMC (Secure Monitor Call) instruction. In Intel SGX model we have one CPU which can have many secure enclaves (islands) (Source: https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/january/intel-software-guard-extensions-sgx-a-researchers-primer/)

• You need to develop software that uses Intel SGX, Then this code, and associated data, would be protected during execution, even if an attacker were to gain administrative privs on the box
• You can only currently write apps in C/C++
• Everyone accessing the applications would need to run this software and on hardware that supports Intel SGX.
• This would mean that all systems on the network would need to be about a year old as SGX is only available on Skylake and later processors: https://github.com/ayeks/SGX-hardware
• You would only get true protection at both ends when every system on the network is running the software and has the SGX supported hardware
• There are validation methods in SGX, a remote enclave can create a cryptographic report, essentially letting others know that SGX is in use, so we can validate that a financial institution is in fact using SGX
• Bad news, while SGX enclaves are protected, it's similar to a firewall, they have to let things in an out in order to operate, and it's speculated that this is where attacks will occur
• More bad news, it's a doubled edged sword, applications used in the business can be protected, however so can malware. Malware can run in an SGX enclave, and essentially lock out the kernel, operating system and any anti-malware products

Sources:

https://www.virusbulletin.com/virusbulletin/2014/01/sgx-good-bad-and-downright-ugly

Paul's Stories

1. This Evil Office Printer Hijacks Your Cellphone Connection
2. Three hospitals in England cancel operations over computer virus
3. Cisco says it'll make IoT safe because it owns the network
4. Ubiquiti all the things: how I finally fixed my dodgy wifi
5. Its time to regulate baby monitors
6. How Hackers Can Steal Your Cell Phone Pictures From Your Crock-Pot
7. Belkins WeMo Gear Can Hack Android Phones
8. New, fast-spreading IoT botnet hybridizes two less-effective strains to achieve quick dominance
9. Fixing the communications breakdown between IT security and the board and c-suite
10. Alarmed by Admiral's data grab? Wait until insurers can see the contents of your fridge
11. Admiral Insurance to use algorithms to set insurance prices based on customers' Facebook posts
12. Flipboard on Flipboard
13. Google security head says Pixel is as secure as the iPhone
14. Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net
15. Webcams Used To Attack Twitter And Reddit Recalled
16. Windows 10 Vulnerability AtomBombing Can Bypass Security Software
17. Disappearing Messages Added to Signal App
18. IoT Devices as Proxies for Cybercrime
19. Telnet, SSH prod of death smashes Cisco broadband boxes offline
20. How Hackers Plant False Flags to Hide Their Real Identities | Motherboard
21. Nuclear Power Plant Disrupted by Cyber Attack
22. JTAG Explained (finally!): Why "IoT" Makers, Software Security Folks, and Device Manufacturers Should Care - Senrio
23. We're Not Going To Beat Cybercrime In Our Lifetime
24. MITRE Will Give You $50k To Fingerprint Rogue IoT Devices
25. IoT Malware Has Apparently Reached Almost All Countries
26. Sex robots with warm skin to hit dating scene and could benefit relationships
27. 4 cybersecurity trends you need to be aware of
28. 4 cybersecurity trends you need to be aware of
29. Yahoos CISO resigned in 2015 over secret e-mail search tool ordered by feds
30. Hack Crashes Linux Distros with 48 Characters of Code

Jack's Stories

1. IoTpocalyspe, but we can't talk about it properly
2. Mirai tries to knock a country offline
3. Oh, look, 2016 and vuln disclosure battles.
4. Another look at this new "vulnerability disclosure" thing
5. Hack the planet. Or your car, or toaster- legally now.
6. The death of thought leadership

Joff's Stories

1. Critical Flaws in MySQL Give Root Access
2. Mirai Used to DDoS Liberia

Michael's (Santa) Stories